This invention relates generally to microprocessor architecture and more particularly to a method and system for protecting data on a computer system by monitoring loads of the translation lookaside buffer.
When multiple user processes execute on a computer system, the operating system helps the CPU to prevent memory conflicts by prohibiting each user process from accessing the address space of other user processes. The operating system and other kernel mode programs may, on the other hand, access the memory of any of the user processes. This unrestricted memory-accessing ability makes it possible for the operating system or other kernel mode programs to be used to copy proprietary or confidential data from any user process and allows someone to use the data in an unethical or unauthorized way. If the data are a movie, for example, a video pirate could make and sell multiple copies. In another example, a thief could steal credit card information from a consumer's electronic-commerce application and use the information to make unauthorized charges.
While it is theoretically possible to develop and test an operating system that is completely trustworthy and unable to be used for such purposes, modern operating systems are so large (around 33 million lines of code in the case of the MICROSOFT WINDOWS 2000-brand operating system) and change so quickly that this approach is impractical. Furthermore, requiring an entire operating system to be verified would make it difficult to add new kernel-mode drivers, components, and other features. Finally, even a verified operating system can only protect against software-based attacks on data. A malicious user may be able to steal data from memory by circumventing the operating system entirely. Thus, it can be seen that there is a need for an improved method and system for protecting data on a computer system.
In accordance with this need, a method and a system for protecting data on a computer system are provided. According to the method and system, one or more restricted areas of memory in which proprietary or confidential data may safely be stored are provided. A translation lookaside buffer (TLB) is used to regulate access to the restricted memory. When a TLB miss occurs during the execution of a program, the TLB-miss handling logic determines whether the program is attempting to access restricted memory and whether it is authorized to do so. Since handling a TLB miss is already a time-consuming process, the additional time required to make such a determination will be negligible in comparison. If the program is not authorized to have access, then the TLB-miss handling logic generates an exception, such as an invalid page fault, and the TLB is not loaded. If the program is authorized to have access to the restricted memory, then the TLB is loaded with the appropriate address translation. As long as the translation remains in the TLB, future accesses to the restricted memory by an authorized program will require no additional checks and no additional CPU time.
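As an added illustration that is not part of the patent text, the following C model shows the TLB-miss handling logic described above: the authorization check runs only on a miss, a denied access faults without loading the TLB, and a hit needs no further check. The restricted regions, process ids and page-table mapping are constructed values.

```c
#include <stdint.h>
#include <stdbool.h>
#define PAGE_SHIFT 12
#define TLB_ENTRIES 8

/* Constructed example data: two restricted regions (in virtual page numbers)
 * and the single program id authorized to map each. All values hypothetical. */
typedef struct { uint64_t start_vpn, end_vpn; int authorized_pid; } restricted_t;
static const restricted_t restricted[] = {
    { 0x100, 0x1ff, 7 },   /* decrypted media buffer: only pid 7 */
    { 0x300, 0x30f, 3 },   /* payment data: only pid 3 */
};
#define N_RESTRICTED (sizeof restricted / sizeof restricted[0])

typedef struct { bool valid; int pid; uint64_t vpn, pfn; } tlb_entry_t;
static tlb_entry_t tlb[TLB_ENTRIES];
static unsigned tlb_next;       /* round-robin replacement */
static unsigned miss_checks;    /* how often the authorization check ran */

/* Stand-in for the page-table walk (hypothetical fixed mapping). */
static uint64_t page_table_lookup(uint64_t vpn) { return vpn + 0x1000; }

/* TLB-miss handler as described: is the page restricted, and may pid use it?
 * On denial, raise the (simulated) invalid page fault and leave the TLB alone. */
static bool tlb_miss(int pid, uint64_t vpn, uint64_t *pfn) {
    miss_checks++;
    for (unsigned i = 0; i < N_RESTRICTED; i++)
        if (vpn >= restricted[i].start_vpn && vpn <= restricted[i].end_vpn &&
            restricted[i].authorized_pid != pid)
            return false;                       /* fault: TLB not loaded */
    tlb[tlb_next] = (tlb_entry_t){ true, pid, vpn, page_table_lookup(vpn) };
    *pfn = tlb[tlb_next].pfn;
    tlb_next = (tlb_next + 1) % TLB_ENTRIES;
    return true;
}

/* Translate vaddr for pid; false means the access faulted. A TLB hit needs
 * no further check, which is the performance argument made in the text. */
bool translate(int pid, uint64_t vaddr, uint64_t *paddr) {
    uint64_t vpn = vaddr >> PAGE_SHIFT, pfn, off = vaddr & ((1u << PAGE_SHIFT) - 1);
    for (unsigned i = 0; i < TLB_ENTRIES; i++)
        if (tlb[i].valid && tlb[i].pid == pid && tlb[i].vpn == vpn) {
            *paddr = (tlb[i].pfn << PAGE_SHIFT) | off;
            return true;
        }
    if (!tlb_miss(pid, vpn, &pfn)) return false;
    *paddr = (pfn << PAGE_SHIFT) | off;
    return true;
}
unsigned tlb_miss_checks(void) { return miss_checks; }
```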
Additional features and advantages of the invention will be made apparent from the following detailed description of illustrative embodiments which proceeds with reference to the accompanying figures.